CVE-2013-1763 SOCK_DIAG vulnerability in Linux kernel 3.3 to 3.8 Demo

Timeline :

PoC provided by :

Reference(s) :

Affected version(s) :

Linux Kernel 3.3 to 3.8

Tested on Ubuntu 12.10 x86 with :

Kernel 3.5.0-17-generic

Description :

Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY with a family greater or equal then AF_MAX — the array size of sock_diag_handlers[]. The current code does not test for this condition therefore is vulnerable to an out-of-bound access opening doors for a privilege escalation.